[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Throughput with large ruleset

To: <misc@openbsd.org>
Subject: Throughput with large ruleset
From: "James Ashton" <admin@gitflorida.com>
Date: Thu, 14 Mar 2002 13:44:28 -0500

I have an interesting situation that I would love some advice on. We have a
client that has a roughly 24Mb/s net connection. He would like to run all of
his bandwidth through 1 firewall. Normaly I wouldnt be worried but he has a
rather large ruleset. He has almost 100 rules. 40 or so are fairly standard.
block port 80 on ip x.x.x.x etc. He also has 50 - 60 trafic shaping rules.
Right now he is running then through his cisco. He wants to put these rules
on the firewall. I have used ALTQ for this before but never with this amount
of bandwidth.and with as extensive a firewall ruleset. If anyone has any
expiriance with something like this, what I would like to know is potential
problems with OpenBSD+PF+ALTQ with this much bandwidth. Also, The box is
going to have 5 NICs. 1 external and 4 internal to his differant network
segments. No NATing but he doesnt want the firewall to noticably slow his
traffic. In this situation how fast a box are we talking about? I was
planning on a 1Ghz box with 256 meg DDR ram. Is that going to be enought to
handle this load??

Thanks

James Ashton
admin@gitflorida.com

Follow-Ups:
- Re: Throughput with large ruleset
  - From: Henning Brauer <lists-openbsd@bsws.de>
- Re: Throughput with large ruleset
  - From: Dan Brosemer <odin@svartalfheim.net>

Prev by Date: Re: Installing a new hard drive
Next by Date: pf closes access to named
Prev by thread: Re: pf firewall rules, dns lookup not working
Next by thread: Re: Throughput with large ruleset
Index(es):
- Date
- Thread